The SEC has become increasingly vigilant and aggressive about what employers say in their confidentiality agreements and the context in which they say it. We previously cautioned employers when FINRA issued a Regulatory Notice cracking down on the use of confidentiality provisions that restrict employees from communicating with FINRA, the SEC, or any other self-regulatory organization or regulatory authority. The SEC has now followed suit in In re KBR, Inc., (pdf) the SEC’s first-ever enforcement action against a company for using overly restrictive language in one of its confidentiality agreements. (See, e.g., “SEC Declares Open Season on Employee Agreements,” (Law 360) (subscription required).

The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) amended the Securities and Exchange Act to include the whistleblower incentives and protections set forth in Section 21F. Rule 21F-17 prohibits employers from taking any action to “impede” an employee from communicating with the SEC about a possible securities law violation, including enforcing or threatening to enforce a confidentiality agreement. The SEC’s Chief of the Office of the Whistleblower, Sean McKessy, previously indicated that his office would be analyzing and looking to bring enforcement actions with respect to severance agreements, confidentiality agreements, and employment agreements that violate Rule 21F-17(a), part of the implementing regulations of the Dodd-Frank whistleblower incentive award program (i.e., the “bounty” program).

Interestingly, the SEC selected a very specific and particular type of agreement for its first publicized action: not a severance, employment, or general confidentiality agreement or policy, but rather an agreement that KBR’s compliance investigators required witnesses interviewed in connection with certain internal investigations to sign, warning them that they could face discipline or be fired if they discussed the substance of the interview with outside parties without prior approval from KBR’s legal department. KBR had begun using the form agreement at issue prior to the promulgation of Rule 21F-17.

Although there was no evidence that any KBR employees were ever actually prevented from communicating with the SEC pursuant to the confidentiality agreement, or that KBR took any actions to enforce the terms of the agreement, the SEC found that KBR’s use of the confidentiality agreement was unlawful because it improperly restricted employees from communicating with the SEC about the subject of an interview without KBR’s permission, and it undermined the purpose of Section 21F by discouraging employees from reporting possible SEC rules violations through threat of discipline.

KBR has agreed to pay the SEC $130,000 to settle the charges and voluntarily amended its confidentiality statement to expressly provide that it does not preclude employees from reporting possible violations of law or regulations to any government agency or from making other disclosures protected under federal whistleblower laws. The amended provision also makes clear that employees do not need KBR’s authorization to make such disclosures.

This should serve as a warning that blanket confidentiality provisions that arguably forbid employees from communicating with regulatory agencies, or require pre-approval to do so, unless carefully drafted to comply with Rule 21F-17, may run afoul of federal law. The SEC is fully committed to prosecuting such violations. Employers should therefore carefully review, and revise as necessary, all confidentiality agreements they use – whether in stand-alone agreements, employment agreements, separation agreements, or other policies or standards of conduct – so that they too do not become the targets of SEC enforcement actions or other regulatory scrutiny.